38 matches found
CVE-2023-26955
onekeyadmin v1.3.9 was discovered to contain a stored cross-site scripting XSS vulnerability via the Admin Group module...
CVE-2023-26954
CVE-2023-26954 affects onekeyadmin v1.3.9, with a stored cross-site scripting (XSS) vulnerability in the User Group module . The issue is characterized as a stored XSS (root cause not further detailed in the sources) with CVSSv3.1 base metrics: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N, base score 5.4 ...
CVE-2023-26954
onekeyadmin v1.3.9 was discovered to contain a stored cross-site scripting XSS vulnerability via the User Group module...
CVE-2023-26954
onekeyadmin v1.3.9 was discovered to contain a stored cross-site scripting XSS vulnerability via the User Group module...
CVE-2023-26955
Affected software: onekeyadmin v1.3.9. Vulnerability: stored cross-site scripting (XSS) via the Admin Group module. Root cause / nature: XSS flaw enabling injection in the Admin Group component, as reported across multiple sources. Impact (as stated): medium severity per CVSS 3.1 (Base score 5.4)...
OneKeyAdmin 跨站脚本漏洞
OneKeyAdmin is About plug-in management system based on Thinkphp6+Element, website, applet, mall, CMS, APP, ERP, API interface a system to get it all done, no scaffolding out of the box! A security vulnerability exists in OneKeyAdmin version 1.3.9, which stems from the discovery of a stored...
@5minlab/serverless-typeorm (=1.1.0), @abdelrahmannoaman-mdlabs/group-module (>=1.0.1 <=1.0.68) +2285 more potentially affected by CVE-2022-33171 via typeorm (>=0.0.10 <=0.3.0-rc.33)
typeorm NPM version =0.0.10, =1.0.1, =3.3.4, =1.0.1, =0.0.1, =0.9.3, =1.0.0, =1.1.126, =1.0.0, =1.0.0, =0.0.1, =0.1.0, =0.1.1 and more Source cves: CVE-2022-33171 Source advisory: OSV:GHSA-FX4W-V43J-VC45...
DRUPAL-CONTRIB-2020-033
The Group module enables you to hand out permissions on a smaller subset, section or community of your website. Under very specific circumstances, where two group types support the same content, yet hand out different permissions, non-members of the first group type may use the set of permissions...
DRUPAL-CONTRIB-2020-032
The Group module enables you to hand out permissions on a smaller subset, section or community of your website. With the 1.1 security release, new code was introduced to ensure proper access for all entity types, but a mistake introduced unexpected access to unpublished nodes...
Group - Moderately critical - Information disclosure - SA-CONTRIB-2020-032
The Group module enables you to hand out permissions on a smaller subset, section or community of your website. With the 1.1 security release, new code was introduced to ensure proper access for all entity types, but a mistake introduced unexpected access to unpublished nodes...
Group - Moderately critical - Information disclosure - SA-CONTRIB-2020-033
The Group module enables you to hand out permissions on a smaller subset, section or community of your website. Under very specific circumstances, where two group types support the same content, yet hand out different permissions, non-members of the first group type may use the set of permissions...
Drupal Field Group Module Cross-Site Scripting Vulnerability
Drupal is a free, open source content management system developed in PHP and maintained by the Drupal community.Field Group is one of the modules used to group fields. A cross-site scripting vulnerability exists in Drupal Field Group, which can be exploited by remote attackers to inject malicious...
CVE-2016-1565
Cross-site scripting XSS vulnerability in the Field Group module 7.x-1.x before 7.x-1.5 for Drupal allows remote authenticated users with permission to configure field display settings to inject arbitrary web script or HTML via an element attribute...
CVE-2016-1565
Cross-site scripting XSS vulnerability in the Field Group module 7.x-1.x before 7.x-1.5 for Drupal allows remote authenticated users with permission to configure field display settings to inject arbitrary web script or HTML via an element attribute...
CVE-2016-1565
An XSS vulnerability (CVE-2016-1565) affects the Drupal Field Group module for Drupal 7.x: versions prior to 7.x-1.5; remote authenticated users with permission to configure field display settings can inject script/HTML via an element attribute. Drupal core is not affected. Remediation: upgrade F...
CVE-2013-1907
The Commons Group module before 7.x-3.1 for Drupal, as used in the Commons module before 7.x-3.1, does not properly restrict access to groups, which allows remote attackers to post arbitrary content to groups via unspecified vectors...
CVE-2013-1907
The Commons Group module before 7.x-3.1 for Drupal, as used in the Commons module before 7.x-3.1, does not properly restrict access to groups, which allows remote attackers to post arbitrary content to groups via unspecified vectors...
CVE-2013-1907
The CVE-2013-1907 issue affects the Drupal Commons distribution’s Commons Groups module (versions prior to 7.x-3.1). The vulnerability arises from inadequate access control, allowing remote/anonymous users to post arbitrary content to groups via unspecified vectors, effectively an access bypass w...